Hacked after posting on Twitter

Today I posted about my invoice demo site on Twitter and 5 minutes later, I was hacked.

My demo site is on http://www.kbikeno.com/demo

Does this app have protection against SQL injectors, because my database was inserted with “$Hacked from twitter$” and the language changed from English to Deutsche.

If you leave your site running without protecting it, everybody can change settings and switch languages…

Can you please provide more info? How do I protect my site?! Does it have to do with my hosting company or InvoicePlane?!

I have the right permission of 755, site lock on and everything. Please assist.

The demo password is the same password as the MySQL user?

No, the MySQL database and user password is different from the demo password. @FooLab

@KondjaBoytjie I just released an official InvoicePlane demo version you can use: https://github.com/InvoicePlane/Demo

Thanks a lot @Kovah

If anything is missing or does not work, please report back. I just put the demo together in a rush and I may have missed something.

Noted @kovah

@Kovah what database encryption are you using for the password? I need to change the password in the database.

Please copy the encrypted password from another instance, as there’s no easy way to generate a password.

Great thanks. @kovah

The demo is giving me that error @Kovah

Please download the latest package, I updated it since first posting it.

Now it’s redirecting back to my main web link after I enter this http://www.kbikeno.com/demo @Kovah

I have changed this to RewriteBase /demo, but still the same thing @Kovah

I will go back to my previous demo for now.

I updated the demo, URLs should now be detected correctly with subfolders. Could you try again please?

Thank you. The demo works fine now. @Kovah

Hi @Kovah,

Please, I’m getting this error on my demo when I’m trying to view a PDF.

Thanks

Please check the template settings.